Amazon rewrote significant chunks of the Kindle interface to add full touch support and to make the controls more easily accessible with one hand.

Much of the interface was rewritten in HTML5 and JavaScript, rather than less accessible Java code, Lu wrote.

"In fact, many of the interfaces on the Touch are actually web pages in disguise," Lu wrote. "For example: the password entry screen, the search bar (which is just an HTML page with a frame), the browser, Wifi selection screen and even the music player."

None of the functions themselves are written in HTML5 or JavaScript because that would make them too slow, Lu wrote.

Only the interfaces use JavaScript, but Amazon built in hooks that allow JavaScript code to call function libraries in the Kindle's proprietary OS.

That makes for a more web-friendly interface, but it also creates a connection to core functions of the OS that other developers can exploit. Lu didn't have to look too deep before finding a ready-made pathway through the Kindle's security:

"I found a curious function: nativeBridge.dbgCmd();. It seems too good to be true. This function takes any shell command, and runs it (as root). Yup. The web browser will run as root, any command given to it. Don’t go looking for remote code execution yet (although it is highly possible), as the native bridge seems to be disabled when in web browser mode (it may be able to be bypassed, but I haven’t looked into it)." – Yifan Lu, Dec. 10, 2011

Using that one command, Lu was able to write HTML and JavaScript commands in the ID3 comment tag of an MP3 file and run the scripts when the MP3 launched.
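The behaviour described above implies that tag text reached the HTML-based player interface without being encoded. The following is an added defensive example, not code from Lu's write-up or from Amazon: it escapes ID3 text fields before they are placed in markup and flags fields that contain tag-like content. The field names, function names and sample values are assumptions constructed for illustration.

```javascript
// Added example: treat ID3 text fields as untrusted data before they reach an HTML-based UI.
// Field names (title, artist, comment) and all sample values below are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Triage heuristic: does a metadata field carry tag-like or script-like content?
function looksLikeMarkup(value) {
  const s = String(value);
  return /<\s*\/?\s*[a-z!][^>]*>/i.test(s) ||   // something shaped like <tag ...> or </tag>
         /\bjavascript\s*:/i.test(s) ||          // script URL scheme
         /\bon[a-z]+\s*=/i.test(s);              // inline event-handler attribute
}

// Names of the fields that should be logged or rejected before display.
function auditTags(tags) {
  return Object.keys(tags).filter((name) => looksLikeMarkup(tags[name]));
}

// Build the row the player shows. Every field is escaped, so markup stored
// in a tag is displayed as literal text instead of being parsed.
function renderTrackRow(tags) {
  const cell = (name) => `<td class="${name}">${escapeHtml(tags[name] ?? '')}</td>`;
  return `<tr>${cell('title')}${cell('artist')}${cell('comment')}</tr>`;
}

// Constructed sample metadata: one ordinary file, one with markup in the comment tag.
const benign = { title: 'Track 1', artist: 'AC/DC & Friends', comment: 'ripped 2011 <3' };
const suspicious = { title: 'Track 2', artist: 'Someone', comment: '<script>/* placeholder */</script>' };

console.log(auditTags(benign), auditTags(suspicious));
console.log(renderTrackRow(suspicious));
```

In a page with a DOM, assigning the field to `textContent` rather than `innerHTML` achieves the same result as `escapeHtml` here.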

Lu also found two functions Amazon built into the Kindle but didn't advertise: an accelerometer and a proximity sensor. Both are functional, though no available Kindle apps use them; code written by other developers running on jailbroken systems should be able to access both, however, Lu wrote.

The jailbreak code is written in the metadata of an MP3 file, and includes "very basic" USB network code that gives the user SSH-encrypted access to the Kindle.

The jailbreak doesn't change any of the files on Kindle unnecessarily and doesn't add new functionality. It only provides an entry for other developers or owners to make modifications using code they write themselves.

So far there are few, if any, rogue Kindle apps. As with iOS and Android, however, once an OS is jailbroken, it's only a matter of (a very short) time before ports of existing apps or entirely new ones start circulating.

Where rogue developers go, malware writers quickly follow, though. As always, be careful what you download.